Introduction to Cryptography and PKI Presented By: Rabei Hassan

Post on 21-Jan-2018


Page 1: Cryptography and PKI

Introduction to Cryptography and PKI

Presented By: Rabei Hassan

Page 2: Cryptography and PKI

• Rabei Hassan

• CISSP-ISSAP, CCSP, CRISC, CISM, CISA, CEH, ECSA, CHFI, Security+

• MCTS, MCSE: Security, MCDBA, MCSA: Messaging

• More than 18 years of working experience in various IT fields

• Infrastructure and Info Security Consultation and Training

• IT Management

• Web and Windows Application Development

• Systems and Database Administration

• https://au.linkedin.com/in/rabei-hassan-564b3214

Page 3: Cryptography and PKI

Session Objectives

• Cryptography and Security

• Methods of Encryption and Decryption

• What is an Algorithm?

• Symmetric Algorithm

• Asymmetric Algorithm

• Hybrid Encryption

• Hashing Algorithm

• Securing the Algorithm or the Key

• Hash Value and Rainbow Table

• Digital Signature

• PKI

Page 4: Cryptography and PKI

Cryptography and Security

• Confidentiality

• Integrity

• Authenticity

• Non-Repudiation

Page 5: Cryptography and PKI

Methods of Encryption and Decryption

• Symmetric: uses ONLY one key, for both encryption and decryption.

• Asymmetric: uses two keys; one key is used for encryption and the other key is used for decryption.

• Hashing: a one-way function (often loosely called "one-way encryption"); there is no key and no decryption step.

Page 6: Cryptography and PKI

What is an Algorithm ?

• Instructions; the steps that we need to follow to do the operation.

• In general, it has two sets of instructions:

• Instructions for how to do the encryption

• Instructions for how to do the decryption

Symmetric Algorithms: the encryption instructions (Step 1 ... Step 4) and the decryption instructions both use the same Key X. Plain text → cipher text → plain text.

Asymmetric Algorithms: the encryption instructions use Key X; the decryption instructions use a different Key Y. Plain text → cipher text → plain text.

Hashing Algorithms: one set of one-way instructions with no key at all. Plain text → hash value; there is no decryption step.

Page 7: Cryptography and PKI

Symmetric Algorithms (1/3)

• Vigenere Cipher

• Plain Text: Welcome To Cryptography

• Key: RAMGuide

Encryption Instructions
1. Put the plain text in a row (letters only; the spaces are dropped).
2. Put the key in a second row below the plain-text row.
3. If the key is shorter than the plain text, repeat it until it is the same length as the plain text.
4. Using the Vigenere table (the tabula recta on the right section of the slide), the cipher-text letter is the intersection of the plain-text letter's row and the key letter's column; equivalently, shift the plain-text letter forward by the key letter's alphabet position (A = 0, B = 1, ... Z = 25), wrapping around after Z.

Plain Text   W E L C O M E T O C R Y P T O G R A P H Y

Key          R A M G U I D E R A M G U I D E R A M G U

Cipher Text  N E X I . . . . . . . . . . . . . . . . .

Decryption Instructions
(The slide gives only the heading.) Decryption reverses step 4: shift each cipher-text letter backwards by the position of the key letter below it.
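The Vigenere procedure above, as an added example that is not part of the slides: encryption, decryption, and the known-plaintext attack that recovers the key from a single plaintext/ciphertext pair. The plaintext and key are the slide's; the function names are my own.

```python
"""Vigenere cipher as tabulated on the slide, plus the known-plaintext
attack that recovers the key.  Added example, not code from the deck."""
import string

ALPHABET = string.ascii_uppercase


def _letters(text: str) -> str:
    """The slide writes only letters into the table: drop spaces, uppercase."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Shift each plaintext letter by the matching (repeated) key letter.
    Decryption subtracts the shift instead of adding it; nothing else changes."""
    plain, key = _letters(text), _letters(key)
    if not key:
        raise ValueError("key must contain at least one letter")
    out = []
    for i, ch in enumerate(plain):
        shift = ALPHABET.index(key[i % len(key)])   # step 3: repeat the key
        if decrypt:
            shift = -shift
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
    return "".join(out)


def recover_key(plaintext: str, ciphertext: str, key_length: int) -> str:
    """Known-plaintext attack: key letter = cipher letter - plain letter.
    One pair of key_length letters gives the whole key, which is why a short
    reusable key offers no real protection."""
    plain, cipher = _letters(plaintext), _letters(ciphertext)
    return "".join(
        ALPHABET[(ALPHABET.index(c) - ALPHABET.index(p)) % 26]
        for p, c in zip(plain[:key_length], cipher[:key_length])
    )


if __name__ == "__main__":
    ct = vigenere("Welcome To Cryptography", "RAMGuide")
    print(ct)                                            # starts NEXI as on the slide
    print(vigenere(ct, "RAMGuide", decrypt=True))        # WELCOMETOCRYPTOGRAPHY
    print(recover_key("Welcome To Cryptography", ct, 8))  # RAMGUIDE
```

Running it prints the full cipher text of the slide's example, the round trip back to the plain text, and the key recovered from the first eight letters alone.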

Page 8: Cryptography and PKI

Binary Mathematics

X AND Y: both values need to be true for the output to be true.

X OR Y: one or both values need to be true for the output to be true.

X XOR Y: one and only one value needs to be true for the output to be true. XOR is its own inverse (X XOR Y XOR Y = X), which is why the same XOR step both encrypts and decrypts on the next slide.

Page 9: Cryptography and PKI

Symmetric Algorithms (2/3)

• Vernam (One-Time Pad) Cipher

• Plain Text: Welcome

• Key: RAMGuid

Encryption Instructions

1. The key must be the same size as the plain text (and, for a true one-time pad, random and never reused).
2. Put the key in a second row below the plain-text row.
3. XOR them bit by bit.

Plain Text   W 0101 0111   E 0100 0101   L 0100 1100   C 0100 0011   O 0100 1111   M 0100 1101   E 0100 0101

Key          R 0101 0010   A 0100 0001   M 0100 1101   G 0100 0111   U 0101 0101   I 0100 1001   D 0100 0100

Cipher Text    0000 0101     0000 0100   . . . . .

Worked bits for the first two characters:

W   0 1 0 1 0 1 1 1
R   0 1 0 1 0 0 1 0
    0 0 0 0 0 1 0 1

E   0 1 0 0 0 1 0 1
A   0 1 0 0 0 0 0 1
    0 0 0 0 0 1 0 0

Decryption Instructions
XOR the cipher text with the same key; the key bits cancel out and the plain text comes back.

Page 10: Cryptography and PKI

Symmetric Algorithms (3/3)

• DES: 56-bit key (withdrawn; a 56-bit key can be brute-forced in practice)

• 3DES: 112-bit or 168-bit key (deprecated by NIST; avoid in new designs)

• AES: 128-bit, 192-bit or 256-bit key (the current standard choice)

Page 11: Cryptography and PKI

Asymmetric Algorithms

• Uses two keys:

• Public Key: anyone can get a copy of it

• Private Key: kept by the owner only

• Each public/private key pair belongs to one entity/individual.

Example: Amr needs to receive something securely from Jana.

1. Amr sends his Public Key to Jana.
2. Jana encrypts the message with Amr's Public Key.
3. Jana sends the secret message to Amr.
4. Amr decrypts the secret message with his own Private Key.

Only Amr's key pair is used here; Jana's Private Key plays no part, and nothing in this exchange tells Amr that the message really came from Jana (that is what a digital signature adds).

Page 12: Cryptography and PKI

Asymmetric Algorithms

• Diffie-Hellman: key exchange (key agreement) only

• ElGamal: key exchange, encryption, digital signature

• RSA: key exchange (key transport), encryption, digital signature

• Elliptic Curve (e.g. ECDH, ECDSA): key exchange, encryption, digital signature

Page 13: Cryptography and PKI

Symmetric vs. Asymmetric Algorithms

                    Symmetric                                   Asymmetric
Key Distribution    Problem: the shared key must be             Not a problem: only the public key is
                    delivered secretly                          distributed
Performance         Fast                                        Slow: roughly 1,000 to 10,000 times
                                                                slower than symmetric
Scalability         Problem (see the key count below)           Scales linearly

Symmetric, 6 entities (individuals) A, B, C, D, E, F: A needs 5 keys (one per partner), B needs 4 more, C needs 3, D needs 2, E needs 1.

Total number of keys = 5 + 4 + 3 + 2 + 1 = 15 (in general n(n-1)/2 for n entities)

Asymmetric, 6 entities (individuals): each one has two keys (public/private).

Total number of keys = 6 x 2 = 12 (in general 2n)

Page 14: Cryptography and PKI

Hybrid Encryption (Symmetric + Asymmetric): HTTPS://www.Amazon.com

You want to transfer your credit-card information securely.

Amazon holds a key pair (Amazon Public Key / Amazon Private Key).

1. Amazon sends its Public Key to you.
2. A symmetric session key is generated locally on your own machine.
3. The session key is encrypted with Amazon's Public Key and transferred one time only, at the start of the session; only Amazon's Private Key can recover it.
4. The credit-card information is encrypted with the symmetric session key and transferred to Amazon.com.

The slow asymmetric operation is done once, on a short key; the fast symmetric cipher handles all the data.

Page 15: Cryptography and PKI

Hash Algorithm (1/2)

• A one-way function (often called "one-way encryption") that produces a fixed-length value from input of any length; the output cannot be reversed to recover the input.

Example input: ABC

Funny Hashing Algorithm (for illustration only)

1. Get the ASCII code of each character.
2. Multiply it by the position.
3. Get the sum.

1. A (65), B (66), C (67)
2. 65 x 1, 66 x 2, 67 x 3
3. 65 + 132 + 201 = 398

(This toy hash is not collision resistant: "CAC" also gives 67 + 130 + 201 = 398. A real hash function makes finding two inputs with the same value infeasible.)

Uses: securing passwords (store the hash, not the password); integrity (e.g. verifying a file transfer).

Page 16: Cryptography and PKI

Hash Algorithm (2/2)

• SHA1: 160-bit output (collision attacks are practical; do not use for signatures or integrity)

• SHA2: 256-bit / 512-bit output (also 224- and 384-bit variants); the current recommended family

• MD5: 128-bit output (broken; collisions can be generated in seconds)

Page 17: Cryptography and PKI

Securing the Algorithm or the Key ?

• Pros/Cons of securing (keeping secret) the algorithm

• Pros/Cons of making the algorithm publicly accessible and securing only the key (Kerckhoffs's principle; this is how every modern cipher is designed)

• The longer the key, the harder it is to compromise.

Even an attacker who knows the exact algorithm (its instructions are public) still needs the exact key:

4-digit (4-bit) key, e.g. [0110]: the possible keys are 0000, 0001, 0010, ..., 1111, i.e. 2^4 = 16 keys.

128-bit key: 2^128 = 3.4028236692093846346337460743177e+38 possible keys.

Brute-force Attack: try every key in turn. 16 keys are exhausted instantly; 2^128 keys at a trillion guesses per second would take about 10^19 years.

Keys need to be changed from time to time (this limits how much data one key protects and how long an attacker has to find it).

Page 18: Cryptography and PKI

Hash Value and Rainbow Table

ABC → Hashing → 398

Cracking a stolen hash value (brute force):

1. Generate a candidate, e.g. "AAA".
2. Generate the hash value for "AAA".
3. Compare the hash value of "AAA" with the stolen one.
4. Repeat with "AAB", "AAC", ... "BBB", ... until a hash matches.

Precomputed table (hash the whole keyspace once, then look any stolen hash up):

Value   MD5       SHA1
AAA     3c01...   6f358...
BBB     a2c9a...  bb27f...
...     ...       ...

Demo: Generate and Crack Hash Value

Rainbow Table: a space-efficient form of this precomputed table (chains of hash/reduce steps are stored instead of every value/hash pair). The defence is a per-user random salt hashed together with the password, so no table computed in advance applies, combined with a deliberately slow password hash.
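The slide's "funny" hash, the crack loop from the slide, and the precomputed-table idea with and without a salt, as an added example that is not part of the deck. The stolen hash and the salt are constructed here; SHA-256 from the standard library stands in for the MD5/SHA1 columns of the slide so that the numbers are reproducible.

```python
"""The slide's 'funny' hash, the hash-cracking loop from the slide, and why
salting defeats precomputed tables.  Added example, not code from the deck."""
import hashlib
import itertools
import string


def funny_hash(text: str) -> int:
    """Slide 15: sum of ASCII code x position.  'ABC' -> 398."""
    return sum(ord(ch) * pos for pos, ch in enumerate(text, start=1))


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def crack(stolen_hex: str, length: int = 3, alphabet: str = string.ascii_uppercase):
    """Slide 18 loop: generate AAA, AAB, ..., hash each, compare with the
    stolen value.  Returns the matching candidate or None."""
    for letters in itertools.product(alphabet, repeat=length):
        candidate = "".join(letters)
        if sha256_hex(candidate.encode()) == stolen_hex:
            return candidate
    return None


def precompute(length: int = 3, alphabet: str = string.ascii_uppercase) -> dict:
    """The lookup-table idea behind rainbow tables: hash the whole keyspace
    once, then every stolen hash is a dictionary lookup with no hashing."""
    return {sha256_hex("".join(w).encode()): "".join(w)
            for w in itertools.product(alphabet, repeat=length)}


def salted_hash(salt: bytes, password: str) -> str:
    """Per-user salt hashed with the password: the table above no longer
    contains this value, so it must be recomputed for every user."""
    return sha256_hex(salt + password.encode())


if __name__ == "__main__":
    # the toy hash has trivial collisions
    print(funny_hash("ABC"), funny_hash("CAC"), funny_hash("BCB"))   # 398 398 398
    stolen = sha256_hex(b"BBB")                  # constructed 'stolen' hash
    print(crack(stolen))                         # BBB
    table = precompute()
    print(table.get(stolen))                     # BBB, found without hashing
    salt = b"\x9f\x01\x33\x7a"                   # constructed per-user salt
    print(table.get(salted_hash(salt, "BBB")))   # None: the table is useless
```

The full 3-letter uppercase keyspace is only 17,576 values, which is why the loop and the table both finish instantly; the salt does not enlarge that keyspace, it only stops an attacker from computing the table once and reusing it against every user.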

Page 19: Cryptography and PKI

Digital Signature

Amr holds Amr Public Key / Amr Private Key; Jana holds Jana Public Key / Jana Private Key.

Amr wants to send something to Jana so that any modification is detected and Jana can be sure it is from Amr.

Signing (Amr):
1. Type a message "ABC".
2. Hash the message and get the hash value.
3. Encrypt the hash value using Amr's Private Key; the result is the digital signature, sent along with "ABC".

Verification (Jana):
4. Hash the received "ABC" and get a hash value.
5. Decrypt the signature using Amr's Public Key to get the hash value Amr signed.
6. Compare the two hash values; they match only if the message is unmodified and the signature was made with Amr's Private Key.

This gives Integrity, Authenticity and Non-Repudiation (only Amr holds the Private Key). It does not give confidentiality: the message itself is not encrypted.

Page 20: Cryptography and PKI

Public Key Infrastructure – PKI

Every entity has a Public/Private key pair.

X.509: the standard certificate format, i.e. how we transfer the Public Key (file format).

Page 21: Cryptography and PKI

Public Key Infrastructure – PKI

Every entity has a Public/Private key pair.

Certificate Authority (CA): who creates/generates this certificate.

X.509: how we transfer the Public Key (file format); the certificate carries the Public Key.

1. How can you trust this certificate ... ?
2. Does this site really belong to ... ?

Trust is transitive through the CA: if A trusts B, and B trusts C, then A will trust C.

Page 22: Cryptography and PKI

Public Key Infrastructure – PKI

Every entity has a Public/Private key pair.

Certificate Authority (CA): who creates/generates this certificate.

How can we transfer the Public Key / file format: X.509.

1. How can you trust this certificate ... ?
2. Does this site really belong to ... ?

Was this certificate really generated by a Trusted CA ?

Page 23: Cryptography and PKI

Public Key Infrastructure – PKI

Was this certificate really generated by a Trusted CA ?

The certificate is itself digitally signed by the CA: the CA hashes the certificate contents (including the subject's Public Key) and encrypts the hash value with the CA's Private Key to produce the digital signature (DS).

To check it, recompute the hash value of the certificate contents, decrypt the DS with the CA Public Key to get the hash value the CA signed, and compare the two. A match shows that the certificate was issued by that CA and that the Public Key inside it has not been modified.

The CA Public Key must already be trusted: either a Public Trusted CA (shipped in the OS/browser trust store) or a Local Trusted CA (added by your own organisation).

Demo: Where we can find Trusted CAs
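One runnable walk-through of the four mechanisms the deck has built up, as an added example that is not code from the slides: the Amr/Jana public-key exchange (Page 11), the wrapped session key of hybrid encryption (Page 14), the hash-then-sign digital signature (Page 19), and the CA-signed certificate and trust-store check of Pages 20-23. It uses textbook RSA with two fixed pairs of Mersenne primes (my assumption, so the numbers are reproducible), a SHA-256 keystream as a stand-in for a real symmetric cipher, and a dict as a stand-in for an X.509 certificate; names such as `rsa_apply`, `hybrid_encrypt`, `issue_certificate` and "Root CA" are mine. The constructed card number and names are sample data.

```python
"""Toy RSA walk-through of the deck's scenarios: Jana encrypts to Amr
(asymmetric), a wrapped session key (hybrid), Amr signs a message (digital
signature) and a CA-issued certificate binding a name to a key (PKI).

Added example, not code from the slides.  Textbook RSA with fixed primes and
no padding shows the mechanics only; real systems use RSA-OAEP/RSA-PSS or ECC
from a vetted library, AES-GCM for the bulk data, and X.509 certificates.
"""
import hashlib
import secrets

E = 65537
# Assumption: fixed Mersenne primes keep the example deterministic.  Amr's
# modulus is ~92 bits, so an 8-byte session key (< 2**64) fits under it.
AMR_PRIMES = (2**31 - 1, 2**61 - 1)
CA_PRIMES = (2**89 - 1, 2**107 - 1)


def rsa_keygen(primes):
    """Return (public, private), each an (exponent, n) pair."""
    p, q = primes
    n, phi = p * q, (p - 1) * (q - 1)
    return (E, n), (pow(E, -1, phi), n)      # modular inverse: Python 3.8+


def rsa_apply(key, m):
    """m**k mod n.  Public key: encrypt/verify.  Private key: decrypt/sign."""
    k, n = key
    if not 0 <= m < n:
        raise ValueError("integer must be smaller than the modulus")
    return pow(m, k, n)


def digest_int(data, n):
    """SHA-256 of the data, reduced so it is a valid RSA input."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


# Page 19: hash the message, then apply the sender's PRIVATE key to the hash.
def sign(private, message):
    return rsa_apply(private, digest_int(message, private[1]))


def verify(public, message, signature):
    return rsa_apply(public, signature) == digest_int(message, public[1])


# Page 14: a fresh symmetric session key encrypts the bulk data and is itself
# wrapped with the recipient's PUBLIC key.  The SHA-256 keystream is only an
# illustrative stand-in for a real cipher.
def keystream_xor(session_key, data):
    out = bytearray()
    for i in range((len(data) + 31) // 32):
        block = hashlib.sha256(session_key + i.to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[i * 32:(i + 1) * 32], block))
    return bytes(out)


def hybrid_encrypt(recipient_public, plaintext, session_key=None):
    session_key = session_key or secrets.token_bytes(8)   # 8 bytes assumed
    wrapped = rsa_apply(recipient_public, int.from_bytes(session_key, "big"))
    return wrapped, keystream_xor(session_key, plaintext)


def hybrid_decrypt(recipient_private, wrapped, ciphertext):
    session_key = rsa_apply(recipient_private, wrapped).to_bytes(8, "big")
    return keystream_xor(session_key, ciphertext)


# Pages 20-23: a certificate = subject name + issuer name + subject's public
# key, signed by the CA.  Checking it answers the slide's two questions: was it
# issued by a CA I trust, and is the key inside unmodified?
def cert_tbs(cert):
    """Canonical 'to be signed' bytes of the certificate fields."""
    return f"{cert['subject']}|{cert['issuer']}|{cert['public_key']}".encode()


def issue_certificate(ca_name, ca_private, subject, subject_public):
    cert = {"subject": subject, "issuer": ca_name, "public_key": subject_public}
    cert["signature"] = sign(ca_private, cert_tbs(cert))
    return cert


def verify_certificate(cert, trusted_cas):
    ca_public = trusted_cas.get(cert["issuer"])
    if ca_public is None:                      # issuer not in the trust store
        return False
    return verify(ca_public, cert_tbs(cert), cert["signature"])


if __name__ == "__main__":
    ca_pub, ca_priv = rsa_keygen(CA_PRIMES)
    amr_pub, amr_priv = rsa_keygen(AMR_PRIMES)
    cert = issue_certificate("Root CA", ca_priv, "Amr", amr_pub)
    assert verify_certificate(cert, {"Root CA": ca_pub})
    assert not verify_certificate(cert, {})    # unknown CA: do not trust it
    # Jana takes Amr's key from the verified cert and sends (constructed) card data
    wrapped, ct = hybrid_encrypt(cert["public_key"], b"4111 1111 1111 1111")
    assert hybrid_decrypt(amr_priv, wrapped, ct) == b"4111 1111 1111 1111"
    sig = sign(amr_priv, b"ABC")
    assert verify(amr_pub, b"ABC", sig) and not verify(amr_pub, b"ABD", sig)
    print("certificate, hybrid and signature checks passed")
```

The same `rsa_apply` serves all four roles; what changes is which key is applied and by whom, which is exactly the point the slides make with the Amr/Jana arrows. The certificate check fails in two distinct ways worth separating in real code: an issuer that is not in the trust store, and a signature that no longer matches because a field was altered.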

Page 24: Cryptography and PKI

Public Key Infrastructure – PKI

PKI supports all four goals: Confidentiality, Integrity, Authenticity, Non-Repudiation.

Page 25: Cryptography and PKI

Hybrid Encryption (Symmetric + Asymmetric): HTTPS://www.Amazon.com

You want to transfer your credit-card information securely.

Amazon holds a key pair (Amazon Public Key / Amazon Private Key).

1. Amazon sends its Certificate (which contains its Public Key); you verify the certificate against a trusted CA before using the key.
2. A symmetric session key is generated locally on your own machine.
3. The session key, encrypted with Amazon's Public Key, is transferred one time only during the whole session.
4. The encrypted credit-card information is transferred to Amazon.com.

Authenticity (from the certificate) & Confidentiality (from the encryption)

Page 26: Cryptography and PKI

Digital Signature (repeat of the Page 19 slide)

Page 27: Cryptography and PKI

Public Key Infrastructure – PKI

Certificate Authority (CA): Public Trusted CA or Local Trusted CA

Planning points for a PKI:

• Number / Location (of CAs)

• Administration

• Who and what receive certificates: Servers/Computers, Users, Applications/Services, Network Devices

• Certificates & Backup

• Issue Policy and Methods

• Distribution Policy and Methods

Goals: Confidentiality, Integrity, Authenticity, Non-Repudiation

Page 28: Cryptography and PKI

Session Objectives (recap of the Page 3 list)